
+1 on key-based only! I'm a very strong proponent of moving port 22 to something non-standard... It hides a lot of the brute-force noise, so you know that anything that *does* come through is a bit more malicious. At this point I throw on Fail2Ban for good measure. :) I also advocate for ED25519 keys instead of RSA - simply because they're faster.

E

--------------------------------------------
Q: Why is this email five sentences or less?
A: http://five.sentenc.es

On Thu, 16 May 2019, at 12:50, Simon Green wrote:
On Thu, 16 May 2019, at 12:43 AM, Peter Reutemann wrote:
Only allow key-based logins?
^ this. Enabling password-based logins via ssh is just asking to be hacked, regardless of what port you are running ssh on. All boxes I have control over only allow an RSA key to log in via ssh.
Digital Ocean have a useful guide on how to set this up for various distros https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys-on-u...
-- Simon
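
The settings this thread recommends (key-only logins, a non-default port) can be verified against a server's `sshd_config`. The following Python check is an added example, not code from any poster; the function names and the sample config are constructed, and it assumes OpenSSH's rule that the first value obtained for a keyword wins.

```python
# Added example: audits the global section of an sshd_config for key-only login.
# Assumption: OpenSSH semantics (case-insensitive keywords, first value wins).
# Include files and Match blocks are not evaluated by this sketch.
DEFAULTS = {  # OpenSSH defaults that apply when a keyword is absent
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Older configs use the deprecated name for keyboard-interactive auth.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
SAMPLE = """\
Port 2222
PasswordAuthentication no
PasswordAuthentication yes
#KbdInteractiveAuthentication no
"""  # constructed sample input, not taken from a real host


def effective_settings(config_text):
    """Return (settings, ports) for the global section of an sshd_config."""
    settings, ports = {}, []
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue  # blank line or comment
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1] if len(parts) > 1 else ""
        if key == "match":
            break  # conditional blocks start here; global section is over
        if key == "port":
            ports.append(int(value))  # Port may legitimately repeat
        else:
            settings.setdefault(key, value.lower())  # first value wins
    for key, default in DEFAULTS.items():
        settings.setdefault(key, default)
    return settings, ports or [22]


def audit(config_text):
    """List findings that undermine key-only login; empty list means clean."""
    s, ports = effective_settings(config_text)
    findings = []
    if s["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is not 'no'")
    if s["kbdinteractiveauthentication"] != "no":
        findings.append("KbdInteractiveAuthentication is not 'no'")
    if s["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is not 'yes'")
    if 22 in ports:
        findings.append("sshd still listens on port 22")
    return findings
```

On the sample, the commented-out `KbdInteractiveAuthentication` line leaves the default in force, so password prompts can still be offered through keyboard-interactive (typically PAM) even though `PasswordAuthentication` is `no`.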